Why are my expiration dates different?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Oct 20 00:44:53 CEST 2016
On Wed 2016-10-19 12:16:23 -0400, gpg at noffin.com wrote:
> When I run the command:
>
> gpg --list-secret-keys
> <snip>
> /home/repo-owner/.gnupg/secring.gpg
> -----------------------------------
> sec 2048R/XXXXXXXXX 2014-10-30 [expires: 2016-10-29]
> </snip>
[...]
> gpg --edit-key XXXXXXXXX
> gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Secret key is available.
>
> pub 2048R/XXXXXXXXX created: 2014-10-30 expires: 2017-10-31 usage: SC
the difference here is looking at secret keys and public keys. in
gpg version 1.4.x or 2.0.x, those are not well-synchronized. the
expiration date seen in the pubring.gpg is the thing that any other user
will see, so that's the one to rely on.
in gpg version 2.1.x or later, the metadata is synchronized across
secret keys and publicly (more specifically, the view of the secret keys
shows the date that comes from the public keyring).
--dkg
More information about the Gnupg-users
mailing list